On 8/12/22 4:11 PM, Jens Axboe wrote:
> For that one suggestion, I suspect this will fix your issue. It's
> obviously not a thing of beauty...
While it did fix compile, it's also wrong obviously as io_rw needs to be
in that union... Thanks Keith, again!
diff --git a/include/linux/io_uring_types.h b/include/linux/io_uring_types.h
index 677a25d44d7f..7ef7cffff0d2 100644
--- a/include/linux/io_uring_types.h
+++ b/include/linux/io_uring_types.h
@@ -481,14 +481,31 @@ struct io_cqe {
};
};
+struct io_rw {
+ /* NOTE: kiocb has the file as the first member, so don't do it here */
+ struct kiocb kiocb;
+ u64 addr;
+ u32 len;
+ rwf_t flags;
+};
+
/*
* Each request type overlays its private data structure on top of this one.
- * They must not exceed this one in size.
+ * They must not exceed this one in size. We must ensure that this is big
+ * enough to hold any command type. Currently io_rw includes struct kiocb,
+ * which is marked as having a random layout for security reasons. This can
+ * cause it to grow in size if the layout ends up adding more holes or padding.
+ * Unionize io_cmd_data with io_rw to work-around this issue.
*/
struct io_cmd_data {
- struct file *file;
- /* each command gets 56 bytes of data */
- __u8 data[56];
+ union {
+ struct {
+ struct file *file;
+ /* each command gets 56 bytes of data */
+ __u8 data[56];
+ };
+ struct io_rw pad;
+ };
};
static inline void io_kiocb_cmd_sz_check(size_t cmd_sz)
diff --git a/io_uring/rw.c b/io_uring/rw.c
index 1babd77da79c..1c3a5da9dcdc 100644
--- a/io_uring/rw.c
+++ b/io_uring/rw.c
@@ -20,14 +20,6 @@
#include "rsrc.h"
#include "rw.h"
-struct io_rw {
- /* NOTE: kiocb has the file as the first member, so don't do it here */
- struct kiocb kiocb;
- u64 addr;
- u32 len;
- rwf_t flags;
-};
-
static inline bool io_file_supports_nowait(struct io_kiocb *req)
{
return req->flags & REQ_F_SUPPORT_NOWAIT;
--
Jens Axboe
